Changes (5)

The testing and verification of Microsoft patches for these vulnerabilities is ongoing.

We hope to advise users during January of the potential performance impact of these updates, and whether an update of ClearSCADA software will be required for any reason.

Please see the updates on [this page|CS:Critical Update - Spectre and Meltdown].

{warning}

...

Microsoft provides the Windows Update Service that securely distributes updates and bug fixes in the form of patches. Microsoft schedules the release of patches via Windows Update every second Tuesday of each month, which has unofficially become known as 'Patch Tuesday'.

To provide customers the confidence that they can install Microsoft patches without adversely affecting existing installations of ClearSCADA, a set of regression tests are run on currently supported ClearSCADA versions and their supported server and workstation Microsoft Windows Operating System versions. These regression tests are run on the newly-released Windows patches monthly, with the results published on this page for reference once they are released.

The results documentation is cumulative, meaning that the results from the current month's testing are added to the results of the previous month, and so forth. As a result it is only necessary to review the current month's results spreadsheet to get a comprehensive understanding of the testing performed in the current calendar year. Testing results are archived annually, with previous years' results available below for reference.

Any testing is performed using all the approved previous months of patches installed, except where a more recent patch supersedes that earlier patch.

{note} Any out-of-band (unscheduled)&nbsp;patch released by Microsoft is not tested until the next 'Patch Tuesday' scheduled patches are released, at which point the out-of-band patch will be tested alongside the scheduled patches. {note}

{info} Only Microsoft Windows Server, Workstation, .NET and Internet Explorer security and general updates are tested, any other Microsoft products such as Microsoft Office and Windows Defender are not included within the approval testing.

Third party patches such as those provided by SAP (Crystal Reports Editor), Oracle (Java) and Adobe (Reader) are not included within the testing. {info}

h2. Adoption of Rollup Updates

From October 2016, ClearSCADA has adopted Microsoft's new 'Rollup updates' for patch management, which is a single package containing all Security and Operating System updates for the month. This monthly package is also cumulative, combining new monthly patches together with existing ones so there only a single package to apply to your Operating System.

As part of our monthly Microsoft patch testing activities, the ClearSCADA team will verify that all updates included within the monthly package are compatible with supported versions of ClearSCADA and Windows Operating Systems. Our Microsoft Update report will be updated accordingly to reflect this change, and will include a link to the Microsoft website containing details of the individual updates.

If for any reason the update is unsuccessful, the testing will be limited only to the security updates for that month, which if successful will be published to provide you the confidence to install the security update package. In the event of either updates being unsuccessful, investigation will be undertaken by the ClearSCADA team to diagnose and rectify associated problems as a matter of urgency.

If you have any questions or concerns regarding this change in process, please don't hesitate to contact your local Technical Support team.

h2. Latest Test Results (Excel Format)

The latest Patch Tests were carried out in February 2018 with the results available for download below.

[Microsoft Update Testing|^MS Update Testing Log February 2018.xlsx]

{info}

It is anticipated that the results of the next round of Microsoft patch testing for JanuaryMarch 2018 will be published here by *January*March 31st 2018*

There was no update testing performed in February 2017 as Microsoft chose to not release the scheduled patches until March due to undisclosed problems: [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/]

{info}

{warning}

Schneider Electric recommends that this released patch information is used alongside a suitable patch management process, for example as documented in IEC-62443-2-3, which includes additional local testing using customer specific configuration prior to deployment to *any* production system.

{warning}

...

h2. Archived Test Results

Test results are archived annually. The previous results are available below: